Previous Topic: Access Rules for Minidisk Format ProtectionNext Topic: VSE Data Set Access Rules

Maintaining Access Rules with the ACF CommandAccess Rule ComponentsAccess Rule EntriesOS/390 Data Set Access Rules

OS/390 Data Set Access Rules

We can use Ann Smith's Applications Department to look at some simplified examples of access rules for OS/390 data sets. Assume that the payroll information, including salary rates and other confidential information, is on the data set PAYROLL.MASTER.DATA. Ann wants to let herself and only her lead programmer (TLCPJM) access this data set. In addition, the programmer is only allowed access to read the data for thirty days. Ann has already written a rule set to allow link access to her OS/390 minidisk. Ann's rule set to allow access to PAYROLL.MASTER.DATA looks like this:

$KEY(PAYROLL)
 MASTER.DATA UID(APPMGRTLCAMS) READ(A)
 MASTER.DATA UID(APPPRGTLCPJM) READ(A) FOR(30)

The $KEY indicates that the high level index of the data set is PAYROLL. The first field in each rule entry is the remainder of the data set name (MASTER.DATA). The UID fields specify the users being given read authority. The FOR parameter indicates the programmer has access only for 30 days. Ann keeps a current project list online for her department in the data set TLCAMS.CURRENT.PROJECTS. She wants to let everyone in the department read this data set. She has authorized her lead programmer to update the rule set that governs her own data sets, which she indexes using her logonid, TLCAMS. Below is a sample of how Ann's rule set appears:

$KEY(TLCAMS)
*MY LEAD PROGRAMMER CAN UPDATE MY RULE SET
%CHANGE APPPRGTLCPJM
*ALL APPLICATION PERSONNEL CAN READ THE PROJECT LIST
 CURRENT.PROJECTS UID(APP) READ(A)
Using the VOL Parameter

The VOL parameter indicates the specific volume serial numbers a user can access to provide additional flexibility and control when creating an access rule. For example, an existing rule set lets a systems programmer, ABCSYSTLCABC, link access to OS/390 volumes PROD01 and TEST01. If both volumes contain a data set named SYS1.PARMLIB, you can use the following rule set to grant ABCSYSTLCABC read access to the copy of SYS1.PARMLIB on volume TEST01:

$KEY(SYS1)
 PARMLIB UID(ABCSYSTLCABC) READ(A) VOL(TEST01)

You can also mask the VOL parameter.

$KEY(SYS1)
 PARMLIB UID(ABCSYSTLCABC) READ(A) VOL(TEST**)

In this example, ABCSYSTLCABC can read data set SYS1.PARMLIB on any DASD device with a volume serial number beginning with TEST.

You can also use the VOL parameter for OS/390 file protection.